package com.lollipop.auth.server;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;


/**
 * @Author: J.K
 * @Date: 2021年08月17日  15:11:17
 * @Description: 授权服务端配置
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        // 允许表单提交
        security.allowFormAuthenticationForClients().checkTokenAccess("isAuthenticated()");
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {

        clients.inMemory()
                // client端唯一标识
                .withClient("client-a")
                // 客户端的密码，这里的密码应该是加密后的
                .secret(passwordEncoder.encode("client-a-secret"))
                // 授权模式标识
                .authorizedGrantTypes("authorization_code")
                // 作用域
                .scopes("read_user_info")
                // 资源id
                .resourceIds("resource1")
                // 回调地址
                .redirectUris("http://localhost:9001/callback");
    }
}
